{ "schemaVersion": "1", "issuer": "https://azmx.ai", "serviceVersion": "dev", "generatedAt": 1779573735, "discovery": { "issuerKeys": "https://azmx.ai/.well-known/azmx-issuer-keys.json", "revocations": "https://azmx.ai/.well-known/azmx-revocations.json", "samlMetadata": "https://azmx.ai/sso/metadata.xml", "health": "https://azmx.ai/healthz", "manifestSelf": "https://azmx.ai/compliance/manifest" }, "evidence": { "bundle": "https://azmx.ai/compliance/evidence", "sbomTemplate": "https://azmx.ai/compliance/sbom-.json", "siemExport": "https://azmx.ai/siem/export" }, "features": [ { "id": "scim", "category": "identity", "name": "SCIM 2.0 user provisioning", "endpoint": "/scim/v2/Users", "since": "v0.21" }, { "id": "saml", "category": "identity", "name": "SAML 2.0 SP", "endpoint": "/sso/acs + /sso/exchange + /sso/metadata.xml", "since": "v0.21" }, { "id": "piv-verify", "category": "identity", "name": "PIV / CAC challenge verify (RSA-SHA256 + ECDSA-SHA256)", "endpoint": "/piv/verify", "since": "v0.22" }, { "id": "piv", "category": "identity", "name": "PIV / CAC smart-card auth (challenge)", "endpoint": "/piv/challenge", "since": "v0.21" }, { "id": "alt-issuer", "category": "identity", "name": "Self-hosted license issuer (TS verifier)", "endpoint": "src/modules/license/lib/altIssuer.ts", "since": "v0.21" }, { "id": "sync-orchestrator", "category": "data", "name": "Sync orchestrator (seal+push / pull+open) with R2 integrity check", "endpoint": "src/modules/license/lib/sync-orchestrator.ts", "since": "v0.22" }, { "id": "sync-ui", "category": "data", "name": "Sync settings panel (cycle, activity log, recovery-receipt input)", "endpoint": "src/settings/sections/SyncSection.tsx", "since": "v0.22" }, { "id": "sync-cadence", "category": "data", "name": "Background sync cadence timer (skip-if-busy, skip-if-hidden)", "endpoint": "src/modules/license/lib/sync-cadence.ts", "since": "v0.22" }, { "id": "sync-init-ui", "category": "data", "name": "Device auto-registration on sync enable (/sync/init UI flow)", "endpoint": "src/modules/license/lib/sync-init.ts", "since": "v0.22" }, { "id": "sync-receipt-store", "category": "data", "name": "Sync receipt persistence (app-local secrets store, no escrow)", "endpoint": "src/modules/license/lib/sync-receipt-storage.ts", "since": "v0.22" }, { "id": "sync-delta-producer", "category": "data", "name": "Sync delta producer (source registry + hash skip-when-unchanged)", "endpoint": "src/modules/license/lib/sync-delta.ts", "since": "v0.22" }, { "id": "sync-consumer", "category": "data", "name": "Sync consumer (applyPulledBundles routes to per-source apply fns)", "endpoint": "src/modules/license/lib/sync-delta.ts#applyPulledBundles", "since": "v0.22" }, { "id": "sync-source-snippets", "category": "data", "name": "Snippets sync source (LWW + additive merge — canonical per-store integration)", "endpoint": "src/modules/ai/lib/snippets-sync.ts", "since": "v0.22" }, { "id": "sync-source-todos", "category": "data", "name": "Todos sync source (per-session LWW + additive)", "endpoint": "src/modules/ai/lib/todos-sync.ts", "since": "v0.22" }, { "id": "sync-source-memory", "category": "data", "name": "Memory sync source (global tier — LWW-by-version + additive)", "endpoint": "src/modules/ai/memory/memory-sync.ts", "since": "v0.22" }, { "id": "mcp-registry-ui", "category": "integrations", "name": "Team-shared MCP registry — Settings UI (add/list/remove)", "endpoint": "src/modules/mcp/components/TeamRegistryBlock.tsx", "since": "v0.22" }, { "id": "sync-e2e", "category": "data", "name": "Cross-device E2E sync (PBKDF2 + AES-256-GCM)", "endpoint": "/sync/{init,push,pull,blob,devices}", "since": "v0.21" }, { "id": "handoff", "category": "data", "name": "Cross-seat session handoff (1h TTL)", "endpoint": "/handoff/{push,pull,ack}", "since": "v0.21" }, { "id": "air-gap", "category": "data", "name": "Air-gap mode policy gate (Enterprise)", "endpoint": "src/modules/license/lib/airGap.ts", "since": "v0.21" }, { "id": "fips", "category": "data", "name": "FIPS 140-3 allowlist evaluator", "endpoint": "src/modules/license/lib/fipsMode.ts", "since": "v0.21" }, { "id": "signing", "category": "trust", "name": "ed25519 entitlement signer (operator-rotatable)", "endpoint": "website/functions/_lib/signing.js", "since": "v0.21" }, { "id": "discovery", "category": "trust", "name": "Public issuer pubkey discovery", "endpoint": "/.well-known/azmx-issuer-keys.json", "since": "v0.21" }, { "id": "revocations", "category": "trust", "name": "License-token revocation list", "endpoint": "/.well-known/azmx-revocations.json + /admin/revocations", "since": "v0.21" }, { "id": "key-rotate", "category": "trust", "name": "Admin key rotation helper", "endpoint": "/admin/keys/rotate", "since": "v0.21" }, { "id": "license-issue", "category": "trust", "name": "Admin license-token issuance", "endpoint": "/admin/license/issue", "since": "v0.21" }, { "id": "spend-ratio", "category": "audit", "name": "Spend ratio-mode anomaly alerts (Nx weekly average)", "endpoint": "/spend/alerts", "since": "v0.22" }, { "id": "spend-reconcile", "category": "audit", "name": "Per-device Polar invoice reconciliation", "endpoint": "/admin-console/api/spend/reconcile/", "since": "v0.22" }, { "id": "audit-ingest", "category": "audit", "name": "Redacted per-tool-call audit ingest", "endpoint": "/audit/event", "since": "v0.22" }, { "id": "audit-aggregation", "category": "audit", "name": "Admin audit aggregation (per tool + per device)", "endpoint": "/admin-console/api/audit", "since": "v0.22" }, { "id": "spend", "category": "audit", "name": "Team spend dashboard + anomaly alerts", "endpoint": "/spend/{event,summary,anomalies,alerts}", "since": "v0.21" }, { "id": "siem", "category": "audit", "name": "SIEM export (signed JSONL)", "endpoint": "/siem/export", "since": "v0.21" }, { "id": "compliance-evidence", "category": "audit", "name": "Compliance evidence bundle", "endpoint": "/compliance/evidence", "since": "v0.21" }, { "id": "sbom", "category": "audit", "name": "SBOM (CycloneDX 1.5, signed)", "endpoint": "compliance/sbom-.json", "since": "v0.21" }, { "id": "metrics", "category": "audit", "name": "Admin per-license metrics", "endpoint": "/admin/metrics", "since": "v0.21" }, { "id": "healthz", "category": "audit", "name": "Operational health introspection", "endpoint": "/healthz", "since": "v0.21" }, { "id": "notify", "category": "integrations", "name": "Slack / Discord / MS Teams webhooks", "endpoint": "/notify/{slack,discord,msteams}", "since": "v0.21" }, { "id": "policy", "category": "integrations", "name": "Pre-flight policy validation (CLI + lib)", "endpoint": "scripts/policy-check.mjs", "since": "v0.21" }, { "id": "mcp-registry", "category": "integrations", "name": "Shared MCP server registry (Teams)", "endpoint": "/mcp-registry/{add,list,attest,}", "since": "v0.21" }, { "id": "marketplace", "category": "integrations", "name": "Public skill/MCP/agent marketplace", "endpoint": "/marketplace/items + /admin/marketplace + attestation", "since": "v0.21" }, { "id": "trial-referral", "category": "funnel", "name": "Referral trial-bonus (30 days)", "endpoint": "/referral/{code,redeem,status}", "since": "v0.21" }, { "id": "trial-oss", "category": "funnel", "name": "OSS-maintainer trial-bonus (365 days)", "endpoint": "/oss/{verify,redeem,status}", "since": "v0.21" }, { "id": "trial-edu", "category": "funnel", "name": "Student .edu trial-bonus (365 days)", "endpoint": "/edu/{verify,redeem,status}", "since": "v0.21" }, { "id": "model-rates", "category": "funnel", "name": "Premium model cost-share rate card", "endpoint": "/models/rates", "since": "v0.21" }, { "id": "profiles", "category": "funnel", "name": "Public profile pages", "endpoint": "/p/", "since": "v0.21" }, { "id": "agents-queue", "category": "agents", "name": "Parallel-agent job queue (lease-based)", "endpoint": "/agents/{enqueue,jobs,claim,heartbeat,result,cancel}", "since": "v0.21" }, { "id": "checkpoint", "category": "agents", "name": "Agent checkpoint/replay state serializer", "endpoint": "src/modules/license/lib/agentCheckpoint.ts", "since": "v0.21" }, { "id": "sync-conflict", "category": "agents", "name": "Sync conflict resolution (LWW + 3-way)", "endpoint": "src/modules/license/lib/syncConflict.ts", "since": "v0.21" }, { "id": "api-tokens", "category": "identity", "name": "Per-license programmatic API tokens (Bearer)", "endpoint": "/admin-console/api/tokens", "since": "v0.22" }, { "id": "saml-trust", "category": "identity", "name": "SAML IdP issuer + cert fingerprint pinning", "endpoint": "/sso/acs", "since": "v0.22" } ], "controls": [ { "framework": "SOC2", "control": "CC6.1", "name": "Logical access controls", "features": [ "scim", "saml", "piv", "alt-issuer", "api-tokens" ] }, { "framework": "SOC2", "control": "CC6.2", "name": "Authentication of users prior to access", "features": [ "saml", "saml-trust", "piv", "piv-verify", "signing", "discovery" ] }, { "framework": "SOC2", "control": "CC6.6", "name": "External access protected via boundaries", "features": [ "air-gap", "fips", "notify" ] }, { "framework": "SOC2", "control": "CC6.7", "name": "Restrict transmission of data", "features": [ "sync-e2e", "sync-orchestrator", "sync-ui", "sync-cadence", "sync-init-ui", "sync-receipt-store", "sync-delta-producer", "sync-consumer", "sync-source-snippets", "sync-source-todos", "sync-source-memory", "handoff", "air-gap" ] }, { "framework": "SOC2", "control": "CC7.2", "name": "Monitor system components for anomalies", "features": [ "spend", "spend-ratio", "audit-aggregation", "siem", "healthz", "metrics" ] }, { "framework": "SOC2", "control": "CC7.3", "name": "Incident response capabilities", "features": [ "revocations", "key-rotate", "notify" ] }, { "framework": "SOC2", "control": "CC8.1", "name": "Change management", "features": [ "sbom", "policy", "siem" ] }, { "framework": "HIPAA", "control": "164.312(a)(1)", "name": "Access control", "features": [ "scim", "saml", "piv", "revocations" ] }, { "framework": "HIPAA", "control": "164.312(a)(2)(iv)", "name": "Encryption + decryption (addressable)", "features": [ "sync-e2e", "air-gap", "fips" ] }, { "framework": "HIPAA", "control": "164.312(b)", "name": "Audit controls", "features": [ "spend", "spend-reconcile", "audit-ingest", "audit-aggregation", "siem", "compliance-evidence", "metrics" ] }, { "framework": "HIPAA", "control": "164.312(c)(1)", "name": "Integrity", "features": [ "signing", "sbom", "checkpoint", "compliance-evidence" ] }, { "framework": "HIPAA", "control": "164.312(d)", "name": "Person/entity authentication", "features": [ "saml", "piv", "scim" ] }, { "framework": "HIPAA", "control": "164.312(e)(1)", "name": "Transmission security", "features": [ "sync-e2e", "handoff", "air-gap" ] }, { "framework": "PCI-DSS", "control": "Req 3.5", "name": "Protect stored cryptographic keys", "features": [ "signing", "key-rotate", "alt-issuer" ] }, { "framework": "PCI-DSS", "control": "Req 4.2", "name": "Strong cryptography for transmission", "features": [ "sync-e2e", "fips" ] }, { "framework": "PCI-DSS", "control": "Req 8.3", "name": "Strong authentication", "features": [ "saml", "piv", "scim" ] }, { "framework": "PCI-DSS", "control": "Req 10.2", "name": "Audit-log generation for security events", "features": [ "siem", "spend", "metrics" ] }, { "framework": "PCI-DSS", "control": "Req 12.10", "name": "Incident response plan", "features": [ "revocations", "key-rotate", "notify" ] }, { "framework": "ISO-27001", "control": "A.5.16", "name": "Identity management", "features": [ "scim", "saml", "piv", "api-tokens" ] }, { "framework": "ISO-27001", "control": "A.8.2", "name": "Privileged access rights", "features": [ "scim", "license-issue", "revocations" ] }, { "framework": "ISO-27001", "control": "A.8.11", "name": "Data masking", "features": [ "sync-e2e", "checkpoint" ] }, { "framework": "ISO-27001", "control": "A.8.12", "name": "Data leakage prevention", "features": [ "air-gap", "policy", "notify" ] }, { "framework": "ISO-27001", "control": "A.8.15", "name": "Logging", "features": [ "siem", "spend", "metrics" ] }, { "framework": "ISO-27001", "control": "A.8.24", "name": "Use of cryptography", "features": [ "fips", "signing", "discovery", "key-rotate" ] }, { "framework": "ISO-27001", "control": "A.8.25", "name": "Secure development lifecycle", "features": [ "sbom", "policy", "compliance-evidence" ] }, { "framework": "SOC2", "control": "CC9.2", "name": "Third-party vendor management", "features": [ "mcp-registry", "mcp-registry-ui", "marketplace", "model-rates" ] }, { "framework": "ISO-27001", "control": "A.5.20", "name": "Information security in supplier agreements", "features": [ "mcp-registry", "marketplace" ] }, { "framework": "ISO-27001", "control": "A.8.32", "name": "Change management — concurrent updates", "features": [ "sync-conflict", "agents-queue" ] }, { "framework": "SOC2", "control": "CC6.3", "name": "Authorization of user access", "features": [ "trial-referral", "trial-oss", "trial-edu" ] }, { "framework": "ISO-27001", "control": "A.5.34", "name": "Privacy and PII protection", "features": [ "profiles" ] } ], "canonical": "{\"controls\":[{\"control\":\"CC6.1\",\"features\":[\"scim\",\"saml\",\"piv\",\"alt-issuer\",\"api-tokens\"],\"framework\":\"SOC2\",\"name\":\"Logical access controls\"},{\"control\":\"CC6.2\",\"features\":[\"saml\",\"saml-trust\",\"piv\",\"piv-verify\",\"signing\",\"discovery\"],\"framework\":\"SOC2\",\"name\":\"Authentication of users prior to access\"},{\"control\":\"CC6.6\",\"features\":[\"air-gap\",\"fips\",\"notify\"],\"framework\":\"SOC2\",\"name\":\"External access protected via boundaries\"},{\"control\":\"CC6.7\",\"features\":[\"sync-e2e\",\"sync-orchestrator\",\"sync-ui\",\"sync-cadence\",\"sync-init-ui\",\"sync-receipt-store\",\"sync-delta-producer\",\"sync-consumer\",\"sync-source-snippets\",\"sync-source-todos\",\"sync-source-memory\",\"handoff\",\"air-gap\"],\"framework\":\"SOC2\",\"name\":\"Restrict transmission of data\"},{\"control\":\"CC7.2\",\"features\":[\"spend\",\"spend-ratio\",\"audit-aggregation\",\"siem\",\"healthz\",\"metrics\"],\"framework\":\"SOC2\",\"name\":\"Monitor system components for anomalies\"},{\"control\":\"CC7.3\",\"features\":[\"revocations\",\"key-rotate\",\"notify\"],\"framework\":\"SOC2\",\"name\":\"Incident response capabilities\"},{\"control\":\"CC8.1\",\"features\":[\"sbom\",\"policy\",\"siem\"],\"framework\":\"SOC2\",\"name\":\"Change management\"},{\"control\":\"164.312(a)(1)\",\"features\":[\"scim\",\"saml\",\"piv\",\"revocations\"],\"framework\":\"HIPAA\",\"name\":\"Access control\"},{\"control\":\"164.312(a)(2)(iv)\",\"features\":[\"sync-e2e\",\"air-gap\",\"fips\"],\"framework\":\"HIPAA\",\"name\":\"Encryption + decryption (addressable)\"},{\"control\":\"164.312(b)\",\"features\":[\"spend\",\"spend-reconcile\",\"audit-ingest\",\"audit-aggregation\",\"siem\",\"compliance-evidence\",\"metrics\"],\"framework\":\"HIPAA\",\"name\":\"Audit controls\"},{\"control\":\"164.312(c)(1)\",\"features\":[\"signing\",\"sbom\",\"checkpoint\",\"compliance-evidence\"],\"framework\":\"HIPAA\",\"name\":\"Integrity\"},{\"control\":\"164.312(d)\",\"features\":[\"saml\",\"piv\",\"scim\"],\"framework\":\"HIPAA\",\"name\":\"Person/entity authentication\"},{\"control\":\"164.312(e)(1)\",\"features\":[\"sync-e2e\",\"handoff\",\"air-gap\"],\"framework\":\"HIPAA\",\"name\":\"Transmission security\"},{\"control\":\"Req 3.5\",\"features\":[\"signing\",\"key-rotate\",\"alt-issuer\"],\"framework\":\"PCI-DSS\",\"name\":\"Protect stored cryptographic keys\"},{\"control\":\"Req 4.2\",\"features\":[\"sync-e2e\",\"fips\"],\"framework\":\"PCI-DSS\",\"name\":\"Strong cryptography for transmission\"},{\"control\":\"Req 8.3\",\"features\":[\"saml\",\"piv\",\"scim\"],\"framework\":\"PCI-DSS\",\"name\":\"Strong authentication\"},{\"control\":\"Req 10.2\",\"features\":[\"siem\",\"spend\",\"metrics\"],\"framework\":\"PCI-DSS\",\"name\":\"Audit-log generation for security events\"},{\"control\":\"Req 12.10\",\"features\":[\"revocations\",\"key-rotate\",\"notify\"],\"framework\":\"PCI-DSS\",\"name\":\"Incident response plan\"},{\"control\":\"A.5.16\",\"features\":[\"scim\",\"saml\",\"piv\",\"api-tokens\"],\"framework\":\"ISO-27001\",\"name\":\"Identity management\"},{\"control\":\"A.8.2\",\"features\":[\"scim\",\"license-issue\",\"revocations\"],\"framework\":\"ISO-27001\",\"name\":\"Privileged access rights\"},{\"control\":\"A.8.11\",\"features\":[\"sync-e2e\",\"checkpoint\"],\"framework\":\"ISO-27001\",\"name\":\"Data masking\"},{\"control\":\"A.8.12\",\"features\":[\"air-gap\",\"policy\",\"notify\"],\"framework\":\"ISO-27001\",\"name\":\"Data leakage prevention\"},{\"control\":\"A.8.15\",\"features\":[\"siem\",\"spend\",\"metrics\"],\"framework\":\"ISO-27001\",\"name\":\"Logging\"},{\"control\":\"A.8.24\",\"features\":[\"fips\",\"signing\",\"discovery\",\"key-rotate\"],\"framework\":\"ISO-27001\",\"name\":\"Use of cryptography\"},{\"control\":\"A.8.25\",\"features\":[\"sbom\",\"policy\",\"compliance-evidence\"],\"framework\":\"ISO-27001\",\"name\":\"Secure development lifecycle\"},{\"control\":\"CC9.2\",\"features\":[\"mcp-registry\",\"mcp-registry-ui\",\"marketplace\",\"model-rates\"],\"framework\":\"SOC2\",\"name\":\"Third-party vendor management\"},{\"control\":\"A.5.20\",\"features\":[\"mcp-registry\",\"marketplace\"],\"framework\":\"ISO-27001\",\"name\":\"Information security in supplier agreements\"},{\"control\":\"A.8.32\",\"features\":[\"sync-conflict\",\"agents-queue\"],\"framework\":\"ISO-27001\",\"name\":\"Change management — concurrent updates\"},{\"control\":\"CC6.3\",\"features\":[\"trial-referral\",\"trial-oss\",\"trial-edu\"],\"framework\":\"SOC2\",\"name\":\"Authorization of user access\"},{\"control\":\"A.5.34\",\"features\":[\"profiles\"],\"framework\":\"ISO-27001\",\"name\":\"Privacy and PII protection\"}],\"discovery\":{\"health\":\"https://azmx.ai/healthz\",\"issuerKeys\":\"https://azmx.ai/.well-known/azmx-issuer-keys.json\",\"manifestSelf\":\"https://azmx.ai/compliance/manifest\",\"revocations\":\"https://azmx.ai/.well-known/azmx-revocations.json\",\"samlMetadata\":\"https://azmx.ai/sso/metadata.xml\"},\"evidence\":{\"bundle\":\"https://azmx.ai/compliance/evidence\",\"sbomTemplate\":\"https://azmx.ai/compliance/sbom-.json\",\"siemExport\":\"https://azmx.ai/siem/export\"},\"features\":[{\"category\":\"identity\",\"endpoint\":\"/scim/v2/Users\",\"id\":\"scim\",\"name\":\"SCIM 2.0 user provisioning\",\"since\":\"v0.21\"},{\"category\":\"identity\",\"endpoint\":\"/sso/acs + /sso/exchange + /sso/metadata.xml\",\"id\":\"saml\",\"name\":\"SAML 2.0 SP\",\"since\":\"v0.21\"},{\"category\":\"identity\",\"endpoint\":\"/piv/verify\",\"id\":\"piv-verify\",\"name\":\"PIV / CAC challenge verify (RSA-SHA256 + ECDSA-SHA256)\",\"since\":\"v0.22\"},{\"category\":\"identity\",\"endpoint\":\"/piv/challenge\",\"id\":\"piv\",\"name\":\"PIV / CAC smart-card auth (challenge)\",\"since\":\"v0.21\"},{\"category\":\"identity\",\"endpoint\":\"src/modules/license/lib/altIssuer.ts\",\"id\":\"alt-issuer\",\"name\":\"Self-hosted license issuer (TS verifier)\",\"since\":\"v0.21\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/sync-orchestrator.ts\",\"id\":\"sync-orchestrator\",\"name\":\"Sync orchestrator (seal+push / pull+open) with R2 integrity check\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/settings/sections/SyncSection.tsx\",\"id\":\"sync-ui\",\"name\":\"Sync settings panel (cycle, activity log, recovery-receipt input)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/sync-cadence.ts\",\"id\":\"sync-cadence\",\"name\":\"Background sync cadence timer (skip-if-busy, skip-if-hidden)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/sync-init.ts\",\"id\":\"sync-init-ui\",\"name\":\"Device auto-registration on sync enable (/sync/init UI flow)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/sync-receipt-storage.ts\",\"id\":\"sync-receipt-store\",\"name\":\"Sync receipt persistence (app-local secrets store, no escrow)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/sync-delta.ts\",\"id\":\"sync-delta-producer\",\"name\":\"Sync delta producer (source registry + hash skip-when-unchanged)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/sync-delta.ts#applyPulledBundles\",\"id\":\"sync-consumer\",\"name\":\"Sync consumer (applyPulledBundles routes to per-source apply fns)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/ai/lib/snippets-sync.ts\",\"id\":\"sync-source-snippets\",\"name\":\"Snippets sync source (LWW + additive merge — canonical per-store integration)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/ai/lib/todos-sync.ts\",\"id\":\"sync-source-todos\",\"name\":\"Todos sync source (per-session LWW + additive)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"src/modules/ai/memory/memory-sync.ts\",\"id\":\"sync-source-memory\",\"name\":\"Memory sync source (global tier — LWW-by-version + additive)\",\"since\":\"v0.22\"},{\"category\":\"integrations\",\"endpoint\":\"src/modules/mcp/components/TeamRegistryBlock.tsx\",\"id\":\"mcp-registry-ui\",\"name\":\"Team-shared MCP registry — Settings UI (add/list/remove)\",\"since\":\"v0.22\"},{\"category\":\"data\",\"endpoint\":\"/sync/{init,push,pull,blob,devices}\",\"id\":\"sync-e2e\",\"name\":\"Cross-device E2E sync (PBKDF2 + AES-256-GCM)\",\"since\":\"v0.21\"},{\"category\":\"data\",\"endpoint\":\"/handoff/{push,pull,ack}\",\"id\":\"handoff\",\"name\":\"Cross-seat session handoff (1h TTL)\",\"since\":\"v0.21\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/airGap.ts\",\"id\":\"air-gap\",\"name\":\"Air-gap mode policy gate (Enterprise)\",\"since\":\"v0.21\"},{\"category\":\"data\",\"endpoint\":\"src/modules/license/lib/fipsMode.ts\",\"id\":\"fips\",\"name\":\"FIPS 140-3 allowlist evaluator\",\"since\":\"v0.21\"},{\"category\":\"trust\",\"endpoint\":\"website/functions/_lib/signing.js\",\"id\":\"signing\",\"name\":\"ed25519 entitlement signer (operator-rotatable)\",\"since\":\"v0.21\"},{\"category\":\"trust\",\"endpoint\":\"/.well-known/azmx-issuer-keys.json\",\"id\":\"discovery\",\"name\":\"Public issuer pubkey discovery\",\"since\":\"v0.21\"},{\"category\":\"trust\",\"endpoint\":\"/.well-known/azmx-revocations.json + /admin/revocations\",\"id\":\"revocations\",\"name\":\"License-token revocation list\",\"since\":\"v0.21\"},{\"category\":\"trust\",\"endpoint\":\"/admin/keys/rotate\",\"id\":\"key-rotate\",\"name\":\"Admin key rotation helper\",\"since\":\"v0.21\"},{\"category\":\"trust\",\"endpoint\":\"/admin/license/issue\",\"id\":\"license-issue\",\"name\":\"Admin license-token issuance\",\"since\":\"v0.21\"},{\"category\":\"audit\",\"endpoint\":\"/spend/alerts\",\"id\":\"spend-ratio\",\"name\":\"Spend ratio-mode anomaly alerts (Nx weekly average)\",\"since\":\"v0.22\"},{\"category\":\"audit\",\"endpoint\":\"/admin-console/api/spend/reconcile/\",\"id\":\"spend-reconcile\",\"name\":\"Per-device Polar invoice reconciliation\",\"since\":\"v0.22\"},{\"category\":\"audit\",\"endpoint\":\"/audit/event\",\"id\":\"audit-ingest\",\"name\":\"Redacted per-tool-call audit ingest\",\"since\":\"v0.22\"},{\"category\":\"audit\",\"endpoint\":\"/admin-console/api/audit\",\"id\":\"audit-aggregation\",\"name\":\"Admin audit aggregation (per tool + per device)\",\"since\":\"v0.22\"},{\"category\":\"audit\",\"endpoint\":\"/spend/{event,summary,anomalies,alerts}\",\"id\":\"spend\",\"name\":\"Team spend dashboard + anomaly alerts\",\"since\":\"v0.21\"},{\"category\":\"audit\",\"endpoint\":\"/siem/export\",\"id\":\"siem\",\"name\":\"SIEM export (signed JSONL)\",\"since\":\"v0.21\"},{\"category\":\"audit\",\"endpoint\":\"/compliance/evidence\",\"id\":\"compliance-evidence\",\"name\":\"Compliance evidence bundle\",\"since\":\"v0.21\"},{\"category\":\"audit\",\"endpoint\":\"compliance/sbom-.json\",\"id\":\"sbom\",\"name\":\"SBOM (CycloneDX 1.5, signed)\",\"since\":\"v0.21\"},{\"category\":\"audit\",\"endpoint\":\"/admin/metrics\",\"id\":\"metrics\",\"name\":\"Admin per-license metrics\",\"since\":\"v0.21\"},{\"category\":\"audit\",\"endpoint\":\"/healthz\",\"id\":\"healthz\",\"name\":\"Operational health introspection\",\"since\":\"v0.21\"},{\"category\":\"integrations\",\"endpoint\":\"/notify/{slack,discord,msteams}\",\"id\":\"notify\",\"name\":\"Slack / Discord / MS Teams webhooks\",\"since\":\"v0.21\"},{\"category\":\"integrations\",\"endpoint\":\"scripts/policy-check.mjs\",\"id\":\"policy\",\"name\":\"Pre-flight policy validation (CLI + lib)\",\"since\":\"v0.21\"},{\"category\":\"integrations\",\"endpoint\":\"/mcp-registry/{add,list,attest,}\",\"id\":\"mcp-registry\",\"name\":\"Shared MCP server registry (Teams)\",\"since\":\"v0.21\"},{\"category\":\"integrations\",\"endpoint\":\"/marketplace/items + /admin/marketplace + attestation\",\"id\":\"marketplace\",\"name\":\"Public skill/MCP/agent marketplace\",\"since\":\"v0.21\"},{\"category\":\"funnel\",\"endpoint\":\"/referral/{code,redeem,status}\",\"id\":\"trial-referral\",\"name\":\"Referral trial-bonus (30 days)\",\"since\":\"v0.21\"},{\"category\":\"funnel\",\"endpoint\":\"/oss/{verify,redeem,status}\",\"id\":\"trial-oss\",\"name\":\"OSS-maintainer trial-bonus (365 days)\",\"since\":\"v0.21\"},{\"category\":\"funnel\",\"endpoint\":\"/edu/{verify,redeem,status}\",\"id\":\"trial-edu\",\"name\":\"Student .edu trial-bonus (365 days)\",\"since\":\"v0.21\"},{\"category\":\"funnel\",\"endpoint\":\"/models/rates\",\"id\":\"model-rates\",\"name\":\"Premium model cost-share rate card\",\"since\":\"v0.21\"},{\"category\":\"funnel\",\"endpoint\":\"/p/\",\"id\":\"profiles\",\"name\":\"Public profile pages\",\"since\":\"v0.21\"},{\"category\":\"agents\",\"endpoint\":\"/agents/{enqueue,jobs,claim,heartbeat,result,cancel}\",\"id\":\"agents-queue\",\"name\":\"Parallel-agent job queue (lease-based)\",\"since\":\"v0.21\"},{\"category\":\"agents\",\"endpoint\":\"src/modules/license/lib/agentCheckpoint.ts\",\"id\":\"checkpoint\",\"name\":\"Agent checkpoint/replay state serializer\",\"since\":\"v0.21\"},{\"category\":\"agents\",\"endpoint\":\"src/modules/license/lib/syncConflict.ts\",\"id\":\"sync-conflict\",\"name\":\"Sync conflict resolution (LWW + 3-way)\",\"since\":\"v0.21\"},{\"category\":\"identity\",\"endpoint\":\"/admin-console/api/tokens\",\"id\":\"api-tokens\",\"name\":\"Per-license programmatic API tokens (Bearer)\",\"since\":\"v0.22\"},{\"category\":\"identity\",\"endpoint\":\"/sso/acs\",\"id\":\"saml-trust\",\"name\":\"SAML IdP issuer + cert fingerprint pinning\",\"since\":\"v0.22\"}],\"generatedAt\":1779573735,\"issuer\":\"https://azmx.ai\",\"schemaVersion\":\"1\",\"serviceVersion\":\"dev\"}", "signature": "STUB.3a9d03bca7ab5134c237dd882a46edcf33b1b11e837eec94bb386248700df027", "signingKeyFingerprint": "STUB.entitlement-signing-v0" }